[Samba] restricting the windows users security tab with samba acl

Gerald (Jerry) Carter jerry at samba.org
Mon Aug 20 19:14:42 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jaan Talvet wrote:
> Hello,
> 
> We're porting all our windows file servers over to linux. I just joined
> our samba server to Active Directory and it works great with ACL - I can
> add/remove Sales, Marketing, IT groups etc.., unfortunately, so can
> everyone else. 
> 
> Q) How can I restrict our regular windows XP users from manipulating the
> "Properties -> Security" tab in file explorer? I'd need  to restrict
> that to only the "Domain Admins" group like in Windows. Right now,
> anyone can add/remove groups - that's bad.

Change the ownership of the files directory to root and
rely on group permissions.  Assuming you have 'dos filemode = no'
(the default), this should give you the semantics you want.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGyeghIR7qMdg1EfYRAidKAJ4hhmEYtXHKJANeHpqvTlKSANA/CgCeJFeV
Tz4WDUgCN9W2gIeGbhtXSQ4=
=9e7J
-----END PGP SIGNATURE-----


More information about the samba mailing list